<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] is defined in [RFC 2617] and updated by [RFC 7235] for the [HTTP Authentication Framework] which can be used by a [HTTP] [server] to challenge a [client] request and by a client to provide [authentication] information. 

The [challenge-response] flow works like this: 
* The server responds to a client with a [HTTP 401] ([Unauthorized]) [HTTP Response Header] status and provides information on how to [authorize|Authorization] with a [WWW-Authenticate] [HTTP Response] [HTTP Header Field] containing at least one challenge. 
* A client that wants to [authenticate] itself with a server can then do so by including an [Authorization Header] [HTTP Request Header] [HTTP Header Field] with the [credentials]. 
Usually a client will present a [password] prompt to the [End-User] and will then issue the request including the correct Authorization header.

The [realm] value should be considered an opaque [string] which can only be compared for equality with other [realms] on that [server]. The [server] will service the request only if it can validate the [userId] and [password] for the protection space of the Request-[URI].

There are no optional [authentication] parameters.

For Basic, the framework above is utilized as follows:
%%prettify 
{{{
challenge   = &quot;Basic&quot; realm
credentials = &quot;Basic&quot; basic-credentials
}}} /%

!! [Proxy-Authenticate] [Proxy Authorization|Proxy-Authorization]
The same [{$pagename}] mechanism can be used for [proxy] [authentication]. In this case, it is an intermediate proxy that requires [authentication]. As both [resource] [authentication] and [proxy] [authentication] can coexist, a different set of [HTTP Header Fields] and [HTTP Status Codes] are needed. In the case of proxies, the challenging status code is [HTTP 407] (Proxy Authentication Required), the [Proxy-Authenticate] response header contains at least one challenge applicable to the [proxy], and the [Proxy-Authorization] [HTTP Request] is used for providing the [credentials] to the [Proxy Server].

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>